Receipt Logger
Security checks across malware telemetry and agentic risk
Overview
This audit-log skill is not malicious, but it needs review because it promises a runnable, signed receipt logger while the actual CLI implementation is missing.
Review before installing or relying on this skill. It does not include the receipt-logger executable it advertises, so do not treat its tamper-proof signing claims as proven. If you test a future complete version, avoid logging secrets, tokens, personal data, confidential prompts, or regulated information unless storage and export protections are clear.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.